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LISTING OF THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended) A method for assigning certificates/private keys to a token, 
comprising: 

accessing the token through a token reader connected to a computer system by a 
certificate/private key authority; 

reading a token ID and a user-signature certificate from the token; 

searching for a match for the token ID and the user signature certificate in an 
authoritative database; 

creating a certificate, wherein the certificate is wrapped with a public key 
associated with the token ID and digitally signing the certificate/private key using a signature 
certificate of the certificate authority; 

downloading the certificate/private key to the token; and 

decrypting the certificate/private key using a private key stored in the token. 

2. (Original) The method recited in claim 1, wherein the certificate/private key is a plurality of 
certificates/private keys that at least one certificate/private key is a signature certificate for the 
user, encryption certificate/private key for the user, and role certificate/private key for the user. 

3. (Original) The method recited in claim 2, wherein the wrapping of the certificate with the 
public key of the token encrypts the certificate. 

4. (Original) The method recited in claim 3, wherein the token is a smart card. 

5. (Original) The method recited in claim 4, wherein the token ID is assigned by a token 
manufacturer at the time the token is created and stored in the authoritative database when 
assigned to a user. 
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6. (Original) The method recited in claim 5, wherein downloading the certificate/private key to 
the token is done through an unsecured communications line. 

7. (Original) The method recited in claim 6, wherein decrypting the certificate/private key 
using a private key stored in the token requires the entry of a passphrase by a user. 

8. (Currently Amended) The method recited in claim 447, further comprising: 

authenticating, by the signing of the certificate/private key using a signature 
certificate of the certificate authority, that the certificate/private key was issued by the certificate 
authority. 

9. (Currently Amended) A computer program embodied on a computer readable medium 
and executable by a computer for assigning certificates/private keys to a token, comprising; 

accessing the token through a token reader connected to a computer system by a 
certificate authority; 

reading a token ID and a user signature certificate from the token; 

searching for a match for the token ID and the user signature certificate in an 
authoritative database; 

creating a certificate, wherein the certificate is wrapped with a public key 
associated with the token ID and digitally signing the certificate/private key using a signature 
certificate of the certificate authority; 

downloading the certificate/private key to the token; and 

decrypting the certificate/private key using a private key stored in the token. 

10. (Original) The computer program recited in claim 9, wherein the certificate/private key is a 
plurality of certificates/private keys that at least one certificate/private key is a signature 
certificate for the user, encryption certificate/private key for the user, and role certificate/private 
key for the user. 



Serial No. 10/027,622 



Docket No. NG(MS)7194 



11. (Original) The computer program recited in claim 10, wherein the wrapping of the certificate 
with the public key of the token encrypts the certificate/private key. 

12. (Original) The computer program recited in claim 1 1, wherein the token is a smart card. 

13. (Original) The computer program recited in claim 12, wherein the token ID is assigned by a 
token manufacturer at the time the token is created and stored in the authoritative database when 
assigned to a user. 

14. (Original) The computer program recited in claim 13, wherein downloading the 
certificate/private key to the token is done through an unsecured communications line. 

15. (Original) The computer program recited in claim 14, wherein the decrypting the 
certificate/private key using a private key stored in the token requires the entry of a passphrase 
by a user. 

16. (Original) The computer program recited in claim 15, further comprising: 

authenticating by the signing the certificate/private key using a signature 
certificate of the certificate authority that the certificate/private key was issued by the certificate 
authority. 



